Data Privacy Highlights: May 15

This Week in Data Privacy, we're covering a variety of topics, including...

???? Minnesota Advances Consumer Data Privacy Act

??? Colorado Pioneers AI Legislation

??? Vermont Empowers Consumers with New Data Privacy Law

????? Judge Dismisses X Lawsuit Against Data-Scraping Firm

??? Creating a Sustainable Cookie Program: A Comprehensive Guide

???? The Dark Side of Virtual Try-On Tools: Safeguarding Biometric Data

??? Maryland Enacts Landmark Kids Code to Protect Children's Online Data

??? Striking the Balance: Personalized Marketing Without Invading Privacy

?? Five Step Guide to Mastering a Cookies Audit

and...

?? Offensive Cybersecurity Strategies with Bryson Bort

———

Minnesota Advances Consumer Data Privacy Act

On February 26, 2024, Minnesota's House Bill 2309, the Consumer Data Privacy Act, was amended and passed by the Commerce Finance and Policy Committee. It has now been re-referred to the Judiciary Finance and Civil Law Committee. This comprehensive bill defines key terms like personal data, controller, and processor, and outlines obligations for transparency, data use, and privacy assessments. It grants consumers rights to access, correct, erase, and opt-out of data collection, with enforcement by the Attorney General, including penalties up to $7,500. Stay updated on the bill's progress here.

Read more?here .

Colorado Pioneers AI Legislation

On May 8, 2024, Colorado's legislature passed the Colorado Artificial Intelligence Act (SB 205), positioning the state as the first to regulate high-risk AI systems. If signed by Governor Jared Polis, this bill will set standards for developers and deployers, focusing on preventing algorithmic discrimination and ensuring transparency. The bill, effective February 2026, underscores a balanced approach to innovation and regulation, with enforcement led by the Attorney General.?

Learn more?here .

Vermont Empowers Consumers with New Data Privacy Law

Vermont has passed one of the nation’s most robust data privacy laws, enabling individuals to sue companies for privacy violations. If signed by Governor Phil Scott, Vermont will become the 18th state to grant consumers rights to access, delete, and stop the sale of their personal data. Key features include stringent data minimization, robust civil rights protections, and a private right of action, allowing consumers to sue large companies for data misuse. Scheduled to take effect on July 1, 2025, this bill sets a new standard in state privacy laws, resisting Big Tech lobbying to ensure strong consumer protections.

Read more?here ?and?here .

Judge Dismisses X Lawsuit Against Data-Scraping Firm

On May 13, 2024, a California judge dismissed X Corp.’s lawsuit against Bright Data, an Israeli data-scraping firm. X, formerly Twitter, accused Bright Data of fraud and breach of contract for scraping and selling publicly available information from the platform. Judge William Alsup ruled that data scraping is not inherently fraudulent and that social media platforms cannot arbitrarily control public data usage. This decision prevents the creation of information monopolies and underscores the public's right to access online information.

Read more?here .

Creating a Sustainable Cookie Program: A Comprehensive Guide

Effective cookie management is crucial for compliance with privacy laws worldwide. This guide outlines key steps for establishing a sustainable cookie program, including forming a cross-functional team, developing a cookie governance policy, and implementing robust systems and technology. Regular audits, privacy impact assessments, and employee training are essential for ongoing compliance. Adapting to evolving business practices and privacy laws ensures your program remains effective and trustworthy. For more details, read the full article?here .

The Dark Side of Virtual Try-On Tools: Safeguarding Biometric Data

As virtual try-on tools gain popularity, the use of biometric data like facial recognition and fingerprints raises significant privacy concerns. Hackers can steal these permanent identifiers to impersonate victims and access sensitive information. To protect biometric data, consumers should limit sharing, vet trusted entities, and read privacy policies. Businesses must minimize data collection, securely dispose of data, and have robust breach response protocols. Understanding laws like the Illinois Biometric Information Privacy Act (BIPA) is crucial. As cyber threats evolve, both consumers and businesses need to prioritize biometric data security.

Read more?here . Maryland Enacts Landmark Kids Code to Protect Children's Online Data

On May 9, 2024, Maryland Governor Wes Moore signed Senate Bill 571, the Maryland Kids Code, which takes effect on October 1, 2024. This law mandates that entities providing online products likely to be accessed by children must prioritize children's privacy, safety, and well-being. Key provisions include conducting Data Protection Impact Assessments (DPIAs) and avoiding dark patterns that exploit children's data. Covered entities must ensure their practices align with the best interests of children, even when conflicting with commercial interests. This act represents a significant step in enhancing online protections for children.

Read more?here .?

Striking the Balance: Personalized Marketing Without Invading Privacy

In job interviews, knowing a company's mission and products is impressive, but delving into an interviewer's personal life is a breach of privacy. Similarly, businesses must balance personalization with respecting consumer privacy. With 94% of consumers wary of data mishandling, companies must tread carefully. Here are six strategies to personalize marketing without overstepping:

• Build a First-Party Data Program: Collect data directly from users for more accurate insights.
• Add a Preference Center: Allow users to control how their data is used.
• Always Ask Permission: Ensure explicit consent for data use.
• Regularly Review Cookies: Stay compliant and transparent with cookie practices.
• Involve Multiple Departments: Privacy should be a shared responsibility.
• Understand Opt-In/Opt-Out Obligations: Build trust through clear consent mechanisms.

Implementing these strategies can enhance personalization while maintaining consumer trust and compliance. Read the full article?here .

Five Step Guide to Mastering a Cookies Audit

In my latest Forbes article, I share the five steps to mastering a cookies audit. Businesses should be conducting a comprehensive cookie audit and ensure compliance with data privacy regulations. It emphasizes the importance of understanding the types of cookies used, their purposes, and obtaining proper user consent. By following this guide, businesses can mitigate legal risks, enhance user trust, and future-proof their online operations. Read it here.

Offensive Cybersecurity Strategies with Bryson Bort

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Bryson ?? Bort , the CEO and Founder of SCYTHE , to discuss his offensive cybersecurity strategy. They talk about the issues with training, the problems SCYTHE solves, learning about ransomware, and his previous work with Target. They also touch on Bryson’s process for grabbing and keeping attention.

Here’s a glimpse of what you’ll learn:

• Bryson Bort’s career and why he developed Project Crossbow
• Why Bryson uses unicorns as a symbol
• The problems SCYTHE is designed to solve
• Turning security into an organic process rather than boring training
• How cryptocurrency and ransomware are tied together
• Actionable steps companies can take now

Listen to podcast episode?here .?

***

Don't forget to check out all the resources we have including She Said Privacy/He Said Security podcast episodes, our 2024 privacy checklist, sketchbooks and much more at www.redcloveradvisors.com